package leap.web.security.authc;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import leap.core.AppConfigException;
import leap.core.BeanFactory;
import leap.core.annotation.Inject;
import leap.core.ioc.PostCreateBean;
import leap.core.security.Authentication;
import leap.core.security.Credentials;
import leap.core.security.UserPrincipal;
import leap.core.security.token.SimpleTokenCredentials;
import leap.core.security.token.TokenVerifyException;
import leap.lang.Out;
import leap.lang.Result;
import leap.lang.Strings;
import leap.lang.codec.Base64;
import leap.lang.intercepting.State;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.web.Request;
import leap.web.Response;
import leap.web.security.SecurityConfig;
import leap.web.security.SecuritySessionManager;

/* loaded from: input_file:leap/web/security/authc/DefaultTokenAuthenticationManager.class */
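/**
 * Resolves the current {@link Authentication} from a token carried in a request header or,
 * failing that, in the authentication cookie.
 *
 * <p>Token verification is delegated to the {@link TokenAuthenticator} bean whose name matches
 * the token type configured in {@link SecurityConfig}; that bean is looked up once in
 * {@link #postCreate(BeanFactory)}.
 *
 * <p>Logout is signalled by overwriting the cookie with a fixed marker value (see
 * {@link #getLogoutToken()}). The marker is a constant, not a secret: it only ever causes
 * authentication to be dropped, never granted.
 */
public class DefaultTokenAuthenticationManager extends CookieBasedAuthenticationResolver implements TokenAuthenticationManager, PostCreateBean {
    private static final Log log = LogFactory.get(DefaultTokenAuthenticationManager.class);

    // Injected security configuration (feature switch, header name, cookie name, token type).
    @Inject
    protected SecurityConfig securityConfig;

    // Injected manager for the authentication stored in the session.
    @Inject
    protected SecuritySessionManager sessionManager;

    // Assigned in postCreate(); null until the bean has been post-processed.
    protected TokenAuthenticator tokenAuthenticator;

    // Logout marker; lazily defaulted by getLogoutToken() when not set explicitly.
    protected String logoutToken;

    /**
     * Authentication produced by this resolver from a verified token. The dedicated type lets
     * {@link #onLoginSuccess} recognise it and skip issuing a new token cookie.
     */
    protected static final class TokenAuthentication extends SimpleAuthentication {
        public TokenAuthentication(UserPrincipal userPrincipal, Credentials credentials) {
            super(userPrincipal, credentials);
        }
    }

    /**
     * Returns the marker value written to the cookie on logout, defaulting it to the
     * URL-safe Base64 encoding of {@code "logout"} on first use.
     *
     * <p>The lazy initialisation is not synchronized; concurrent first calls compute the same
     * default value.
     *
     * @return the logout marker, never {@code null} unless {@link Base64#urlEncode} returns null
     */
    public String getLogoutToken() {
        if (null == this.logoutToken) {
            this.logoutToken = Base64.urlEncode("logout");
        }
        return this.logoutToken;
    }

    /**
     * Overrides the logout marker.
     *
     * @param str the marker value; {@code null} restores the lazily computed default
     */
    public void setLogoutToken(String str) {
        this.logoutToken = str;
    }

    /**
     * Reads the token from the request and records it on the context before resolution.
     *
     * <p>When the token equals the logout marker, the authentication held in the session is
     * removed, so a logged-out client cannot keep using a still-live session.
     *
     * @return always {@link State#CONTINUE}
     */
    @Override
    public State preResolveAuthentication(Request request, Response response, AuthenticationContext authenticationContext) throws Throwable {
        if (!this.securityConfig.isAuthenticationTokenEnabled()) {
            return State.CONTINUE;
        }

        String token = getToken(request);
        if (getLogoutToken().equals(token)) {
            this.sessionManager.removeAuthentication(request);
        }

        // Stored even when null/empty or equal to the logout marker; resolveAuthentication filters those.
        authenticationContext.setAuthenticationToken(token);
        return State.CONTINUE;
    }

    /**
     * Verifies the token recorded on the context and turns it into an {@link Authentication}.
     *
     * @return the token authentication, or an empty result when token authentication is
     *         disabled, no usable token is present, the authenticator rejects it, or
     *         verification throws {@link TokenVerifyException}
     * @throws IllegalStateException if the authenticator reports success without a principal
     */
    @Override
    public Result<Authentication> resolveAuthentication(Request request, Response response, AuthenticationContext authenticationContext) throws ServletException, IOException {
        if (!this.securityConfig.isAuthenticationTokenEnabled()) {
            return Result.empty();
        }

        String token = authenticationContext.getAuthenticationToken();
        if (Strings.isEmpty(token) || getLogoutToken().equals(token)) {
            return Result.empty();
        }

        SimpleTokenCredentials credentials = new SimpleTokenCredentials(token);
        Out<UserPrincipal> principalOut = new Out<>();
        try {
            if (log.isDebugEnabled()) {
                // NOTE(review): this writes a token prefix to the debug log. Confirm that
                // Strings.abbreviate never returns a short token unshortened, and treat debug
                // logs from this class as sensitive.
                log.debug("Authenticates the auth token : {}", Strings.abbreviate(token, 10) + "******");
            }

            if (!this.tokenAuthenticator.authenticate(authenticationContext, credentials, principalOut)) {
                return Result.empty();
            }

            UserPrincipal principal = principalOut.getValue();
            if (null == principal) {
                // The credentials object is deliberately kept out of the message: exception text
                // ends up in logs and error responses, and its toString() may render the raw token.
                throw new IllegalStateException("Token credentials authenticated but no principal was returned");
            }

            // A session that belongs to a different user must not survive next to this token's
            // identity, so drop it.
            Authentication sessionAuthentication = this.sessionManager.getAuthentication(request);
            if (null != sessionAuthentication && !principal.getId().equals(sessionAuthentication.getUser().getId())) {
                this.sessionManager.removeAuthentication(request);
            }

            TokenAuthentication tokenAuthentication = new TokenAuthentication(principal, credentials);
            tokenAuthentication.setToken(token);
            return Result.of(tokenAuthentication);
        } catch (TokenVerifyException e) {
            log.info("Token verify error, " + e.getMessage(), e);
            // Clear the cookie so the client stops replaying a token that fails verification.
            removeCookie(request, response);
            return Result.empty();
        }
    }

    /**
     * Issues the token cookie after a successful login.
     *
     * <p>Nothing is written when the authentication was itself resolved from a token. A token
     * is generated only when the authentication does not already carry one.
     */
    @Override
    public void onLoginSuccess(Request request, Response response, Authentication authentication) {
        if (authentication instanceof TokenAuthentication) {
            return;
        }

        if (null == authentication.getToken()) {
            authentication.setToken(this.tokenAuthenticator.generateAuthenticationToken(request, response, authentication));
        }

        // NOTE(review): cookie attributes (HttpOnly, Secure, path, domain) are applied by the
        // inherited setCookie, which is not visible here - confirm they suit a bearer token.
        setCookie(request, response, authentication.getToken());
    }

    /**
     * Replaces the token cookie with the logout marker, which
     * {@link #preResolveAuthentication} recognises on later requests.
     */
    @Override
    public void onLogoutSuccess(Request request, Response response) {
        setCookie(request, response, getLogoutToken());
    }

    /**
     * Extracts the token from the request. The configured header takes precedence; the cookie
     * is consulted only when the header is missing or empty.
     *
     * @return the token, or {@code null}/empty when neither source provides one
     */
    protected String getToken(Request request) {
        String token = request.getHeader(this.securityConfig.getAuthenticationTokenHeaderName());
        if (Strings.isEmpty(token)) {
            Cookie cookie = request.getCookie(getCookieName(request));
            if (null != cookie) {
                token = cookie.getValue();
            }
        }
        return token;
    }

    /**
     * @return {@code -1}; presumably used as the cookie max-age, where a negative value means
     *         a browser-session cookie - confirm against the superclass
     */
    @Override
    public int getCookieExpires() {
        return -1;
    }

    /**
     * @return the authentication token cookie name from {@link SecurityConfig}
     */
    @Override
    public String getCookieName() {
        return this.securityConfig.getAuthenticationTokenCookieName();
    }

    /**
     * @return always {@code null}
     */
    @Override
    public String getCookieExpiresParameter() {
        return null;
    }

    /**
     * Looks up the {@link TokenAuthenticator} bean named after the configured token type.
     *
     * @throws AppConfigException if no token type is configured or no matching bean exists
     */
    @Override
    public void postCreate(BeanFactory beanFactory) throws Throwable {
        String tokenType = this.securityConfig.getAuthenticationTokenType();
        if (Strings.isEmpty(tokenType)) {
            throw new AppConfigException("Default token type must be configured for token based authentication");
        }

        this.tokenAuthenticator = (TokenAuthenticator) beanFactory.tryGetBean(TokenAuthenticator.class, tokenType);
        if (null == this.tokenAuthenticator) {
            throw new AppConfigException("Bean of type '" + TokenAuthenticator.class.getSimpleName() + "' and named '" + tokenType + "' does not exists");
        }
    }
}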
